--- Quote from: nend on May 12, 2012, 02:20:28 PM ---Here I just thought of this one, Here is a can of worms.

There we go, just set a cookie in your browser from a different domain through a script claiming to be a image. Now who is reliable for that?

--- End quote ---

In the UK, the Information Commissioner (who enforces the new law) will very likely hold the site owner liable for any third-party cookies delivered to visitors to that site.

nend:
Points I am trying to make, is that search engines like Google are going to penalize you for this. Even if you allow them in they will still penalize you for showing different content to a search engine vs a user. Second point is how are you going to prevent all third party cookies, there is no way a webmaster can be sure of all cookies, like the image above a cookie can be set by a generated image which can be hosted elsewhere.

Should the site owner be liable for third party cookies they may be unaware of?

Say I put this image on your site, I am not bound by the same laws so it is legal for me but not for you. How would the law handle this, embedded content.

Maybe getting off topic here though, but SEO is a real problem with this method. Only option for SEO sake is to allow anybody in and make sure the site doesn't set a cookie, but then you got your third parties. Maybe safe to turn of generated images in the BBC, to only allow non generated images.

Fact though, IMHO a simple mod is not going to achieve this, a more complex modification is needed. Even though, you will have to be extremely careful not to allow third party ads if law makes you reliable for them. There are allot of stuff that can set a cookie, this doesn't look like such a easy task if your reliable for third parties.

Really though, the law makes you reliable for third party cookies?

bonzo:
I think it is a mess and nobody knows how to implement the law properly and most web users do not know what it means. Another law that has not been thought through properly and probaly creates "jobs for the boys" ( work that is given by someone who is in an important position to their friends or members of their family ).

One problem feline and that is I can not browse your website without accepting a cookie and perhaps I do not want to do that. How do you sell your product in that case? Does this mean that all websites should have a version of their website without any cookies what so ever?

My attitude nend is to do the best you can and if something sneeks in at least you can prove you have tried.

karlbenson:
Interesting modification.

MrPhil:
I agree with @bonzo that it's a mess. It's well-intentioned (stop the invasion of privacy by the use of tracking cookies), but stupidly implemented. My advice is

* Be careful not to add mods which use tracking cookies. Someone please start a list of mods which use potentially illegal tracking cookies?* If you want to add tracking cookie mods (e.g., for revenue generation), find a way to shut them off in the EU.* Add highlighted text to the agreement.txt file notifying users that you have some cookies on your site, but they are used only to maintain the session and not to track them.If the EU wants to prosecute you for normal SMF session cookies, just point out all the government sites illegally using cookies (e.g., the British ICO) and publicly demand that they be the first prosecuted. Who knows, you may be the straw that breaks the camel's back and brings down the whole EU! :)